Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Static code analysis for detecting passing a wchar_t* to BSTR

Tags:

c++

visual-c++

static-code-analysis

bstr

Since a BSTR is only a typedef for wchar_t* our code base has several (many?) places where string literals are passed to a method expecting a BSTR this can mess up with marshallers or anyone who tries to use any BSTR specific method (e.g. SysStringLen).

Is there any way to statically detect this type of misuse?

I tried compiling with VC10 /Wall and with static code analysis Microsoft All Rules but the following offending piece of code doesn't get flagged by either of them.

void foo(BSTR str)  
{
    std::cout << SysStringLen(str) << std::endl; 
}

int _tmain()
{
    foo(L"Don't do that");
}

Update: After trying to vandalize wtypes.h into detecting these kinds of transgressions I've given up.

I tried two paths, both of which I got to work with my sample program above but once I tried a real project they failed.

  1. create a class named BSTR but since a VARIANT has a BSTR as a union member the new class couldn't have any constructors or assignment operators this broke every place were NULL was treated as a BSTR. I tried to replace NULL with a type that has conversion operators but after adding dozens of new operators (comparison, conversion etc.) I started to run into ambiguous calls and gave up.
  2. I then tried the way suggested by @CashCow and @Hans (makeing BSTR a typedef to another type of pointer). That didn't work either, after adding toBSTR and fromBSTR methods and littering comutil.h (_bstr_t) and other places with conversions I finally got to the point where the compiler choked at headers produced from IDLs (default values are translated to literal wide strings).

In short I've given up on trying to achieve this on my own, if anyone knows of a code analysis tool that can help I would be very happy to hear about it.

like image 917
Motti Avatar asked Jan 24 '12 11:01

Motti

1 Answers

I believe Coverity claims to detect these sorts of vulnerabilities. I remember them mentioning COM stuff specifically when they demo'd to a company I worked for.

Their datasheet certainly seems to imply they check for classes of improper BSTR usage. They have a demo-period; you could try it and see if it flags your sample input.

like image 191
i_am_jorf Avatar answered Oct 04 '22 02:10

i_am_jorf
Sign in to Comment

Related questions

Aggregate reference member and temporary lifetime
How to link old C code with reserved keywords in it with C++?
Segmentation fault on gcc caused by lambda wrapper over variadic template function call
How to implement std::distance() for custom templated iterator?
Does making a derived C++ class "final" change the ABI?
How to invoke aligned new/delete properly?
Can a variable template be passed as a template template argument?
Why did expression types change in C++ between versions?
Declare a C++ function that has C calling convention but internal linkage [duplicate]
Excluding certain functions from gcov/lcov coverage results
Is anyone using Maven/NAR for any large scale C/C++ projects? [closed]
Deterministically Generating cryptographically secure keys and IVEC's
C++ - Iterating over a tuple & resolution of type vs constant parameters
Eclipse - C++ hello world project's error
How can I maintain a weak reference on a COM object in C++?
David Lowe's SIFT -- Question about scale space and image coordinates (weird offset problem)
Program structure for bi-directional TCP communication using Boost::Asio
How to recursively dereference pointer (C++03)?
C++ code for CPU load and CPU temperature
Perfect pass-through

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!